1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 #ifndef _KMFAPIP_H 26 #define _KMFAPIP_H 27 28 #include <kmfapi.h> 29 #include <kmfpolicy.h> 30 31 #ifdef __cplusplus 32 extern "C" { 33 #endif 34 35 /* Plugin function table */ 36 typedef struct { 37 ushort_t version; 38 KMF_RETURN (*ConfigureKeystore) ( 39 KMF_HANDLE_T, 40 int, 41 KMF_ATTRIBUTE *); 42 43 KMF_RETURN (*FindCert) ( 44 KMF_HANDLE_T, 45 int, 46 KMF_ATTRIBUTE *); 47 48 void (*FreeKMFCert) ( 49 KMF_HANDLE_T, 50 KMF_X509_DER_CERT *); 51 52 KMF_RETURN (*StoreCert) ( 53 KMF_HANDLE_T, 54 int, KMF_ATTRIBUTE *); 55 56 KMF_RETURN (*ImportCert) ( 57 KMF_HANDLE_T, 58 int, KMF_ATTRIBUTE *); 59 60 KMF_RETURN (*ImportCRL) ( 61 KMF_HANDLE_T, 62 int, KMF_ATTRIBUTE *); 63 64 KMF_RETURN (*DeleteCert) ( 65 KMF_HANDLE_T, 66 int, KMF_ATTRIBUTE *); 67 68 KMF_RETURN (*DeleteCRL) ( 69 KMF_HANDLE_T, 70 int, KMF_ATTRIBUTE *); 71 72 KMF_RETURN (*CreateKeypair) ( 73 KMF_HANDLE_T, 74 int, 75 KMF_ATTRIBUTE *); 76 77 KMF_RETURN (*FindKey) ( 78 KMF_HANDLE_T, 79 int, 80 KMF_ATTRIBUTE *); 81 82 KMF_RETURN (*EncodePubkeyData) ( 83 KMF_HANDLE_T, 84 KMF_KEY_HANDLE *, 85 KMF_DATA *); 86 87 KMF_RETURN (*SignData) ( 88 KMF_HANDLE_T, 89 KMF_KEY_HANDLE *, 90 KMF_OID *, 91 KMF_DATA *, 92 KMF_DATA *); 93 94 KMF_RETURN (*DeleteKey) ( 95 KMF_HANDLE_T, 96 int, 97 KMF_ATTRIBUTE *); 98 99 KMF_RETURN (*ListCRL) ( 100 KMF_HANDLE_T, 101 int, KMF_ATTRIBUTE *); 102 103 KMF_RETURN (*FindCRL) ( 104 KMF_HANDLE_T, 105 int, KMF_ATTRIBUTE *); 106 107 KMF_RETURN (*FindCertInCRL) ( 108 KMF_HANDLE_T, 109 int, KMF_ATTRIBUTE *); 110 111 KMF_RETURN (*GetErrorString) ( 112 KMF_HANDLE_T, 113 char **); 114 115 KMF_RETURN (*FindPrikeyByCert) ( 116 KMF_HANDLE_T, 117 int, 118 KMF_ATTRIBUTE *); 119 120 KMF_RETURN (*DecryptData) ( 121 KMF_HANDLE_T, 122 KMF_KEY_HANDLE *, 123 KMF_OID *, 124 KMF_DATA *, 125 KMF_DATA *); 126 127 KMF_RETURN (*ExportPK12)( 128 KMF_HANDLE_T, 129 int, 130 KMF_ATTRIBUTE *); 131 132 KMF_RETURN (*CreateSymKey) ( 133 KMF_HANDLE_T, 134 int, 135 KMF_ATTRIBUTE *); 136 137 KMF_RETURN (*GetSymKeyValue) ( 138 KMF_HANDLE_T, 139 KMF_KEY_HANDLE *, 140 KMF_RAW_SYM_KEY *); 141 142 KMF_RETURN (*SetTokenPin) ( 143 KMF_HANDLE_T, 144 int, KMF_ATTRIBUTE *); 145 146 KMF_RETURN (*VerifyDataWithCert) ( 147 KMF_HANDLE_T, 148 KMF_ALGORITHM_INDEX, 149 KMF_DATA *, 150 KMF_DATA *, 151 KMF_DATA *); 152 153 KMF_RETURN (*StoreKey) ( 154 KMF_HANDLE_T, 155 int, 156 KMF_ATTRIBUTE *); 157 158 void (*Finalize) (); 159 160 } KMF_PLUGIN_FUNCLIST; 161 162 typedef struct { 163 KMF_ATTR_TYPE type; 164 boolean_t null_value_ok; /* Is the pValue required */ 165 uint32_t minlen; 166 uint32_t maxlen; 167 } KMF_ATTRIBUTE_TESTER; 168 169 typedef struct { 170 KMF_KEYSTORE_TYPE type; 171 char *applications; 172 char *path; 173 void *dldesc; 174 KMF_PLUGIN_FUNCLIST *funclist; 175 } KMF_PLUGIN; 176 177 typedef struct _KMF_PLUGIN_LIST { 178 KMF_PLUGIN *plugin; 179 struct _KMF_PLUGIN_LIST *next; 180 } KMF_PLUGIN_LIST; 181 182 typedef struct _kmf_handle { 183 /* 184 * session handle opened by kmf_select_token() to talk 185 * to a specific slot in Crypto framework. It is used 186 * by pkcs11 plugin module. 187 */ 188 CK_SESSION_HANDLE pk11handle; 189 KMF_ERROR lasterr; 190 KMF_POLICY_RECORD *policy; 191 KMF_PLUGIN_LIST *plugins; 192 } KMF_HANDLE; 193 194 #define CLEAR_ERROR(h, rv) { \ 195 if (h == NULL) { \ 196 rv = KMF_ERR_BAD_PARAMETER; \ 197 } else { \ 198 h->lasterr.errcode = 0; \ 199 h->lasterr.kstype = 0; \ 200 rv = KMF_OK; \ 201 } \ 202 } 203 204 #define KMF_PLUGIN_INIT_SYMBOL "KMF_Plugin_Initialize" 205 206 #ifndef KMF_PLUGIN_PATH 207 #if defined(__sparcv9) 208 #define KMF_PLUGIN_PATH "/lib/crypto/sparcv9/" 209 #elif defined(__sparc) 210 #define KMF_PLUGIN_PATH "/lib/crypto/" 211 #elif defined(__i386) 212 #define KMF_PLUGIN_PATH "/lib/crypto/" 213 #elif defined(__amd64) 214 #define KMF_PLUGIN_PATH "/lib/crypto/amd64/" 215 #endif 216 #endif /* !KMF_PLUGIN_PATH */ 217 218 KMF_PLUGIN_FUNCLIST *KMF_Plugin_Initialize(); 219 220 extern KMF_RETURN 221 VerifyDataWithKey(KMF_HANDLE_T, KMF_DATA *, KMF_ALGORITHM_INDEX, 222 KMF_DATA *, KMF_DATA *); 223 224 extern KMF_BOOL pkcs_algid_to_keytype( 225 KMF_ALGORITHM_INDEX, CK_KEY_TYPE *); 226 227 extern KMF_RETURN PKCS_VerifyData( 228 KMF_HANDLE *, 229 KMF_ALGORITHM_INDEX, 230 KMF_X509_SPKI *, 231 KMF_DATA *, KMF_DATA *); 232 233 extern KMF_RETURN PKCS_EncryptData( 234 KMF_HANDLE *, 235 KMF_ALGORITHM_INDEX, 236 KMF_X509_SPKI *, 237 KMF_DATA *, 238 KMF_DATA *); 239 240 extern KMF_PLUGIN *FindPlugin(KMF_HANDLE_T, KMF_KEYSTORE_TYPE); 241 242 extern KMF_BOOL IsEqualOid(KMF_OID *, KMF_OID *); 243 244 extern KMF_RETURN copy_algoid(KMF_X509_ALGORITHM_IDENTIFIER *destid, 245 KMF_X509_ALGORITHM_IDENTIFIER *srcid); 246 247 extern KMF_OID *x509_algid_to_algoid(KMF_ALGORITHM_INDEX); 248 extern KMF_ALGORITHM_INDEX x509_algoid_to_algid(KMF_OID *); 249 250 extern KMF_RETURN PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession, 251 const KMF_X509_SPKI *, CK_KEY_TYPE, CK_OBJECT_HANDLE *, 252 KMF_BOOL *); 253 254 extern KMF_RETURN GetIDFromSPKI(KMF_X509_SPKI *, KMF_DATA *); 255 extern KMF_RETURN kmf_select_token(KMF_HANDLE_T, char *, int); 256 extern KMF_RETURN kmf_set_altname(KMF_X509_EXTENSIONS *, 257 KMF_OID *, int, KMF_GENERALNAMECHOICES, char *); 258 extern KMF_RETURN GetSequenceContents(char *, size_t, char **, size_t *); 259 extern KMF_X509_EXTENSION *FindExtn(KMF_X509_EXTENSIONS *, KMF_OID *); 260 extern KMF_RETURN add_an_extension(KMF_X509_EXTENSIONS *exts, 261 KMF_X509_EXTENSION *newextn); 262 extern KMF_RETURN set_integer(KMF_DATA *, void *, int); 263 extern void free_keyidlist(KMF_OID *, int); 264 extern KMF_RETURN copy_data(KMF_DATA *, KMF_DATA *); 265 extern void Cleanup_PK11_Session(KMF_HANDLE_T handle); 266 extern void free_dp_name(KMF_CRL_DIST_POINT *); 267 extern void free_dp(KMF_CRL_DIST_POINT *); 268 extern KMF_RETURN set_key_usage_extension(KMF_X509_EXTENSIONS *, 269 int, uint32_t); 270 extern KMF_RETURN init_pk11(); 271 extern KMF_RETURN test_attributes(int, KMF_ATTRIBUTE_TESTER *, 272 int, KMF_ATTRIBUTE_TESTER *, int, KMF_ATTRIBUTE *); 273 274 /* Indexes into the key parts array for RSA keys */ 275 #define KMF_RSA_MODULUS (0) 276 #define KMF_RSA_PUBLIC_EXPONENT (1) 277 #define KMF_RSA_PRIVATE_EXPONENT (2) 278 #define KMF_RSA_PRIME1 (3) 279 #define KMF_RSA_PRIME2 (4) 280 #define KMF_RSA_EXPONENT1 (5) 281 #define KMF_RSA_EXPONENT2 (6) 282 #define KMF_RSA_COEFFICIENT (7) 283 284 /* Key part counts for RSA keys */ 285 #define KMF_NUMBER_RSA_PUBLIC_KEY_PARTS (2) 286 #define KMF_NUMBER_RSA_PRIVATE_KEY_PARTS (8) 287 288 /* Key part counts for DSA keys */ 289 #define KMF_NUMBER_DSA_PUBLIC_KEY_PARTS (4) 290 #define KMF_NUMBER_DSA_PRIVATE_KEY_PARTS (4) 291 292 /* Indexes into the key parts array for DSA keys */ 293 #define KMF_DSA_PRIME (0) 294 #define KMF_DSA_SUB_PRIME (1) 295 #define KMF_DSA_BASE (2) 296 #define KMF_DSA_PUBLIC_VALUE (3) 297 298 #ifndef max 299 #define max(a, b) ((a) < (b) ? (b) : (a)) 300 #endif 301 302 /* Maximum key parts for all algorithms */ 303 #define KMF_MAX_PUBLIC_KEY_PARTS \ 304 (max(KMF_NUMBER_RSA_PUBLIC_KEY_PARTS, \ 305 KMF_NUMBER_DSA_PUBLIC_KEY_PARTS)) 306 307 #define KMF_MAX_PRIVATE_KEY_PARTS \ 308 (max(KMF_NUMBER_RSA_PRIVATE_KEY_PARTS, \ 309 KMF_NUMBER_DSA_PRIVATE_KEY_PARTS)) 310 311 #define KMF_MAX_KEY_PARTS \ 312 (max(KMF_MAX_PUBLIC_KEY_PARTS, KMF_MAX_PRIVATE_KEY_PARTS)) 313 314 typedef enum { 315 KMF_ALGMODE_NONE = 0, 316 KMF_ALGMODE_CUSTOM, 317 KMF_ALGMODE_PUBLIC_KEY, 318 KMF_ALGMODE_PRIVATE_KEY, 319 KMF_ALGMODE_PKCS1_EMSA_V15 320 } KMF_SIGNATURE_MODE; 321 322 #define KMF_CERT_PRINTABLE_LEN 1024 323 #define SHA1_HASH_LENGTH 20 324 325 #define OCSPREQ_TEMPNAME "/tmp/ocsp.reqXXXXXX" 326 #define OCSPRESP_TEMPNAME "/tmp/ocsp.respXXXXXX" 327 328 #define _PATH_KMF_CONF "/etc/crypto/kmf.conf" 329 #define CONF_MODULEPATH "modulepath=" 330 #define CONF_OPTION "option=" 331 332 typedef struct { 333 char *keystore; 334 char *modulepath; 335 char *option; 336 KMF_KEYSTORE_TYPE kstype; 337 } conf_entry_t; 338 339 typedef struct conf_entrylist { 340 conf_entry_t *entry; 341 struct conf_entrylist *next; 342 } conf_entrylist_t; 343 344 345 extern KMF_RETURN get_entrylist(conf_entrylist_t **); 346 extern void free_entrylist(conf_entrylist_t *); 347 extern void free_entry(conf_entry_t *); 348 extern conf_entry_t *dup_entry(conf_entry_t *); 349 extern boolean_t is_valid_keystore_type(KMF_KEYSTORE_TYPE); 350 extern KMF_BOOL is_eku_present(KMF_X509EXT_EKU *, KMF_OID *); 351 extern KMF_RETURN parse_eku_data(const KMF_DATA *, KMF_X509EXT_EKU *); 352 extern KMF_RETURN 353 copy_extension_data(KMF_X509_EXTENSION *, KMF_X509_EXTENSION *); 354 355 #ifdef __cplusplus 356 } 357 #endif 358 #endif /* _KMFAPIP_H */ 359
Indexes created Sun Nov 22 02:16:54 UTC 2009
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.